<?php // login1.php

/*
 * Copyright 2010 by Mihaela Sabin and Rebecca Lee.  This program is part of DV Unit CMS.
 * DV Unit CMS is free software.  It comes with absolutely no warranty.
 * You can redistribute it and/or modify it under the terms of the Creative Commons
 * Attribution 3.0 United States License, as published by the Free Software Foundation
 * (see <http://creativecommons.org/licenses/by/3.0/us/> for more information).
*/

require_once 'header.php';
require_once 'login.php';

/**
 * Pass a request value through tag stripping, HTML-entity encoding, slash
 * removal and MySQL string escaping, in that order, and return the result.
 *
 * NOTE(review): the same return value is used on this page both inside a SQL
 * string literal and inside HTML attributes. Because htmlentities() runs first,
 * the text compared against the database is the entity-encoded form, so a
 * password containing '&', '<' or '"' is matched in its encoded spelling.
 * NOTE(review): htmlentities() is called with its default flags, which before
 * PHP 8.1 leave single quotes unencoded; the result is therefore not safe to
 * place inside a single-quoted HTML attribute.
 * NOTE(review): mysql_real_escape_string() belongs to the ext/mysql API that
 * was removed in PHP 7.0, and it depends on an open connection and that
 * connection's character set. Prepared statements (mysqli or PDO) are the
 * durable replacement for the SQL side.
 *
 * @param string $var Raw value, typically taken from $_POST.
 * @return string|false Escaped text; false when the escape call fails.
 */
function sanitizeString($var) {
    // HTML-oriented steps first: drop tags, encode entities, undo added slashes.
    $cleaned = stripslashes(htmlentities(strip_tags($var)));

    // SQL-oriented step last, so the backslashes it adds survive.
    return mysql_real_escape_string($cleaned);
}
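/**
 * Run a SQL statement through the legacy mysql extension.
 *
 * On failure the driver's error text is written to the server error log and
 * the request ends with a generic message. The driver text can quote parts of
 * the statement and schema, so it is kept out of the response body.
 *
 * @param string $query Complete SQL statement; the caller is responsible for
 *                      escaping any values embedded in it.
 * @return resource|bool Result of mysql_query() (never false: the script
 *                       terminates instead).
 */
function queryMysql($query) {
    $result = mysql_query($query);

    if (!$result) {
        // Detail goes to the log for the operator, not to the client.
        error_log("Database access failed: " . mysql_error());
        die("Database access failed.");
    }

    return $result;
}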
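echo "<center><h3>User Log In</h3></center>";

$error = $user = $pass = "";

// Handle a submitted log-in form: look the username/password pair up in the
// user_name table and, on a match, record the user in the session.

if (isset($_POST['user'])) {
    // A request can carry 'user' without 'pass', or send either one as an
    // array. Both cases are treated as an empty field so they end in the
    // "not all fields" branch instead of raising notices or warnings.
    $rawUser = is_string($_POST['user']) ? $_POST['user'] : "";
    $rawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : "";

    $user = sanitizeString($rawUser);
    $pass = sanitizeString($rawPass);

    if ($user == "" || $pass == "") {
        $error = "<html><font color='#FF0000'><b>Not all fields were entered.</b></font></html>";
    }
    else {
        // NOTE(review): the statement is assembled by string interpolation and
        // depends entirely on the escaping done in sanitizeString(). A prepared
        // statement (mysqli or PDO) would remove that dependency; it needs the
        // connection code, which is not in this file (presumably login.php).
        // NOTE(review): the submitted password is compared directly with the
        // Password column, so that column holds passwords in recoverable form.
        // Storing password_hash() output and checking with password_verify()
        // is the usual remedy and requires a data migration.
        $query = "SELECT UserName, Password
                  FROM user_name
                  WHERE UserName = '$user' AND Password = '$pass'";
        if (mysql_num_rows(queryMysql($query)) == 0) {
            $error = "<html><font color='#FF0000'><b>Invalid username or password.</b></font></html>";
        }
        else {
            // Issue a fresh session id at the moment of authentication so an
            // id known before log-in is not carried into the logged-in state.
            // Skipped when output has already started, because the new cookie
            // could not be sent.
            if (!headers_sent()) {
                session_regenerate_id(true);
            }

            $_SESSION['user'] = $user;
            // NOTE(review): this keeps the password in session storage. It is
            // left in place because other pages may read it; confirm and drop.
            $_SESSION['pass'] = $pass;

            // NOTE(review): this sends a response header named "donerinfo",
            // not a redirect ("Location: ..."), and the heading echoed above
            // means headers may already be sent unless output buffering is on.
            // The intended target is not clear from this file, so the call is
            // unchanged. A real redirect should also be followed by exit.
            header("donerinfo:search.php");
        }
    }
}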

// The log-in form

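// The username is written into a double-quoted attribute: sanitizeString()
// applies htmlentities() with its default flags, which encode '"' but (before
// PHP 8.1) leave "'" as-is, so a single-quoted value attribute could be closed
// early by the submitted text. The password is never written back into the
// page; the field is always rendered empty.
echo <<<_END
<form method='post' action='login1.php'>
<table border="2" width=45% align="center" rules=none frame=box  cellpadding="10" bgcolor="#003366">
<th align="center"><font color="white">Please enter your username and password to log in</font></th>
<tr><td>
    <table cellpadding="5" align="center">
    <tr>
        <td colspan="2">$error</td>
    </tr>
    <tr>
        <td><font color="white">Username</font></td>
        <td><input type='text' maxlength='16' name='user' value="$user" /></td>
    </tr>

    <tr>
        <td><font color="white">Password</font></td>
        <td><input type='password' maxlength='16' name='pass' value="" /></td>
    </tr>

    <tr>
        <td></td>
        <td>
            <input type='submit' value='Login' />
        </td>
    </tr>
    </table>
</td></tr>
</table>
</form>
_END;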

?>